# AdwCleaner v5.031 - Logfile created 30/01/2016 at 11:53:24
# Updated 25/01/2016 by Xplode
# Database : 2016-01-25.3 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Supermatt - SUPERMATT-PC
# Running from : C:\Users\Supermatt\Downloads\Programs\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum
***** [ Services ] *****
Service Found : YahooAUService
***** [ Folders ] *****
Folder Found : C:\Device
Folder Found : C:\Program Files (x86)\B1 Free Archiver
Folder Found : C:\Program Files (x86)\TweakBit
Folder Found : C:\Program Files (x86)\Uniblue
Folder Found : C:\Program Files (x86)\Yahoo!\Companion
Folder Found : C:\ProgramData\SecTaskMan
Folder Found : C:\ProgramData\simplitec
Folder Found : C:\ProgramData\TweakBit
Folder Found : C:\ProgramData\Uniblue
Folder Found : C:\ProgramData\Yahoo! Companion
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\B1 Free Archiver
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
Folder Found : C:\Users\Supermatt\AppData\Local\SecTaskMan
Folder Found : C:\Users\Supermatt\AppData\LocalLow\Yahoo! Companion
Folder Found : C:\Users\Supermatt\AppData\LocalLow\Yahoo!\Companion
Folder Found : C:\Users\Supermatt\AppData\Roaming\simplitec
Folder Found : C:\Users\Supermatt\AppData\Roaming\Uniblue
Folder Found : C:\Users\Supermatt\AppData\Roaming\Yahoo!\Companion
***** [ Files ] *****
File Found : C:\Users\Public\Desktop\Powersuite.lnk
File Found : C:\Windows\SysNative\drivers\netfilter2.sys
***** [ DLL ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
Task Found : powersuite_monitor
***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{1F91A9A1-01BA-4C81-863D-3BA0751E1419}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Appscion
Key Found : HKCU\Software\b1.org
Key Found : HKCU\Software\WEBAPP
Key Found : HKCU\Software\Yahoo\Companion
Key Found : HKCU\Software\Yahoo\YFriendsBar
Key Found : HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKLM\SOFTWARE\b1.org
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : HKLM\SOFTWARE\Yahoo\Companion
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AF549236-6258-4AC6-A043-5B5B89C6EB61}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Found : [x64] HKLM\SOFTWARE\b1.org
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
***** [ Web browsers ] *****
[C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : artistic-font-collection.en.softonic.com
[C:\Users\Supermatt\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : safeip.en.softonic.com
[C:\Users\Supermatt\AppData\Local\Comodo\Dragon\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Supermatt\AppData\Local\Comodo\Dragon\User Data\Default\Web data] [Search Provider] Found : ask.com
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [5400 bytes] ##########
# AdwCleaner v5.032 - Logfile created 02/02/2016 at 14:46:55
# Updated 31/01/2016 by Xplode
# Database : 2016-01-31.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Supermatt - SUPERMATT-PC
# Running from : C:\Users\Supermatt\Desktop\adwcleaner_5.032.exe
# Option : Scan
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
***** [ Files ] *****
***** [ DLL ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
***** [ Web browsers ] *****
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [6099 bytes] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Ultimate x64
Ran by Supermatt (Administrator) on Tue 02/02/2016 at 13:04:16.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 4
Successfully deleted: C:\Users\Supermatt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1D9TRHCL (Folder)
Successfully deleted: C:\Users\Supermatt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EUYP8USA (Folder)
Successfully deleted: C:\Users\Supermatt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G52PS6PY (Folder)
Successfully deleted: C:\Users\Supermatt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N00BR5RU (Folder)
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/02/2016 at 13:18:53.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Supermatt (administrator) on SUPERMATT-PC (02-02-2016 13:43:34)
Running from C:\Users\Supermatt\Desktop
Loaded Profiles: Supermatt (Available Profiles: Supermatt)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft©) C:\Windows\SysWOW64\router.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\SeaPort.EXE
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2697512 2015-01-10] (Synaptics Incorporated)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-07] (COMODO)
HKLM-x32\...\Run: [DFX] => C:\Program Files (x86)\DFX\DFX.exe [1328632 2015-12-25] ()
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2622432 2016-02-02] (Malwarebytes Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2016-02-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2016-02-01] (Adobe Systems Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [80000 2015-01-11] (WordWeb Software)
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3898960 2015-05-02] (Tonec Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-05-17]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
BootExecute: autocheck autochk /r \??\M:autocheck autochk *
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM] => Proxy is enabled.
ProxyEnable: [HKLM-x32] => Proxy is enabled.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
AutoConfigURL: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 140.0.223.250 111.94.159.250 61.247.0.133
Tcpip\..\Interfaces\{4D667F57-0C7B-4433-8185-D6FCF6C28DC4}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{5B5D6538-1510-4743-914F-24A93E95F39B}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{5B5D6538-1510-4743-914F-24A93E95F39B}: [DhcpNameServer] 140.0.223.250 111.94.159.250 61.247.0.133
Tcpip\..\Interfaces\{768528CC-02BF-4D80-B033-FF7FA0EF7B96}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{E7FEDADC-9F33-43B5-A033-D31CF0FC7FBB}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-06-17] (RealDownloader)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2013-11-15] (Microsoft Corporation)
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2014-07-12] (Nuance Communications, Inc.)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-15] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2013-09-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2013-11-02] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\amd64\BingExt.dll [2013-11-10] (Microsoft Corporation.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-15] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-06-17] (RealDownloader)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2013-11-15] (Microsoft Corporation)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-07-12] (Nuance Communications, Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-15] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2013-09-13] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2013-11-02] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\BingExt.dll [2013-11-10] (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-15] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\amd64\BingExt.dll [2013-11-10] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\BingExt.dll [2013-11-10] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3797239318-1157007529-570800937-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_207.dll [2015-10-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-15] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2016-02-02] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-12-10] (Nero AG)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-11-12] (Nitro PDF)
FF Plugin-x32: @real.com/nppl3260;version=18.0.1.9 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-07-02] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.0.1.9 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-07-02] (RealTimes)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2014-07-12] (Nuance Communications, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-02-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\firefoxextension => not found
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension => not found
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension => not found
FF HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Supermatt\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Supermatt\AppData\Roaming\IDM\idmmzcc5 [2016-02-02] [not signed]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-20]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-20]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [597896 2014-09-04] (Autodesk Inc.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2015-01-10] (Broadcom Corporation.)
R2 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [2055352 2015-12-18] (Comodo)
S4 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [90640 2012-07-25] (CyberLink Corp.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-10] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-07] (COMODO)
S4 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [78352 2012-07-25] (CyberLink)
S4 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [295440 2012-07-25] (CyberLink)
S4 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [137280 2015-01-07] (Nuance Communications, Inc.)
S4 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2015-01-25] (MAGIX AG) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2015-01-25] (MAGIX®) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2016-01-31] (SurfRight B.V.)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [740832 2016-02-02] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2016-01-29] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2016-01-29] (Malwarebytes)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-11-12] (Nitro PDF Software)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2015-09-19] (arvato digital services llc)
S4 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2015-07-02] ()
S4 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1115224 2015-07-02] (RealNetworks, Inc.)
R2 router.exe; C:\Windows\SysWOW64\router.exe [16384 2014-08-20] (Microsoft©) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2970424 2015-07-20] (AVG Technologies)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-09-15] (Microsoft Corporation)
S2 Amsp; no ImagePath
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2015-10-16] (The OpenVPN Project)
S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2015-01-10] (Broadcom Corporation.)
S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)
S3 BthMtpEnum; C:\Windows\System32\DRIVERS\BthMtpEnum.sys [64512 2009-07-14] (Microsoft Corporation)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)
S3 CisUtMonitor; C:\Windows\System32\DRIVERS\CisUtMonitor.sys [33360 2015-07-05] (CrystalIdea Software)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21184 2015-11-19] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [806032 2015-11-19] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45856 2015-08-05] (COMODO)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2015-05-05] (Windows ® Win 7 DDK provider)
R3 DFX12; C:\Windows\System32\drivers\dfx12x64.sys [29688 2015-12-25] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-02-18] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3341904 2012-03-26] (Broadcom Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-02-02] ()
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-25] (Etron Technology Inc)
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [41080 2016-02-02] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2015-01-10] (Intel Corporation)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105096 2015-08-05] (COMODO)
R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [84992 2015-01-24] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2016-01-29] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-02] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2016-01-29] (Malwarebytes Corporation)
R2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [83704 2012-06-20] (Cyberlink Corp.)
S3 plkusbser; C:\Windows\System32\DRIVERS\plkusbser.sys [113664 2008-01-23] (QUALCOMM Incorporated)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [361984 2012-05-02] (QUALCOMM Incorporated)
S3 SbieDrv; no ImagePath
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2015-01-10] (Synaptics Incorporated)
S3 tap0801; C:\Windows\System32\DRIVERS\tap0801.sys [30720 2005-04-14] (The OpenVPN Project) [File not signed]
S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2015-10-14] (Spotflux, Inc.)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [121944 2015-08-17] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [305832 2015-08-17] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2015-08-17] (Trend Micro Inc.)
S3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [106296 2015-08-17] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [93664 2015-08-17] (Trend Micro Inc.)
S3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [407864 2015-08-17] (Trend Micro Inc.)
R2 tmusa; C:\Windows\System32\DRIVERS\tmusa.sys [106296 2015-08-17] (Trend Micro Inc.)
S3 TosRfSnd; C:\Windows\System32\drivers\tosrfsnd.sys [63488 2015-05-17] (TOSHIBA Corporation) [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-02-01] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-06-25] (TuneUp Software)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2015-01-29] ()
S3 VGPU; no ImagePath
S2 WCMVCAM; C:\Windows\System32\DRIVERS\wcmvcam64.sys [1071032 2015-04-04] (Windows ® Win 7 DDK provider)
R2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [147704 2012-08-10] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-02 16:28 - 2016-02-02 16:28 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-02 16:28 - 2016-02-02 16:28 - 00000000 ____D C:\Windows\SysWOW64\GWX
2016-02-02 16:28 - 2016-02-02 16:28 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-02 16:28 - 2016-02-02 09:51 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-02 13:43 - 2016-02-02 13:44 - 00024663 _____ C:\Users\Supermatt\Desktop\FRST.txt
2016-02-02 13:18 - 2016-02-02 13:18 - 00001082 _____ C:\Users\Supermatt\Desktop\JRT.txt
2016-02-02 13:01 - 2016-02-02 13:01 - 00041080 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2016-02-02 12:42 - 2016-02-02 12:42 - 01508352 _____ C:\Users\Supermatt\Desktop\adwcleaner_5.032.exe
2016-02-02 11:18 - 2016-02-02 11:18 - 00000320 ____N C:\Windows\SysWOW64\win_hcleaner.ini
2016-02-01 23:29 - 2016-02-01 23:29 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-01 23:28 - 2016-02-01 23:28 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-01 23:28 - 2016-02-01 23:28 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-01 23:28 - 2016-02-01 23:28 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-01 22:45 - 2016-02-01 22:45 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2016-02-01 22:45 - 2016-02-01 22:45 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-02-01 22:45 - 2016-02-01 22:45 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-02-01 22:45 - 2016-02-01 22:45 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2016-02-01 22:45 - 2016-02-01 22:45 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2016-02-01 22:45 - 2016-02-01 22:45 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2016-02-01 22:44 - 2016-02-01 22:44 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2016-02-01 22:43 - 2016-02-01 22:43 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-02-01 22:43 - 2016-02-01 22:43 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2016-02-01 22:43 - 2016-02-01 22:43 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-02-01 22:43 - 2016-02-01 22:43 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-02-01 22:43 - 2016-02-01 22:43 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2016-02-01 22:43 - 2016-02-01 22:43 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-02-01 22:43 - 2016-02-01 22:43 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-02-01 22:43 - 2016-02-01 22:43 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-02-01 22:43 - 2016-02-01 22:43 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2016-02-01 22:42 - 2016-02-01 22:42 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-02-01 22:42 - 2016-02-01 22:42 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-02-01 22:42 - 2016-02-01 22:42 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-02-01 22:42 - 2016-02-01 22:42 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-02-01 22:42 - 2016-02-01 22:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2016-02-01 22:42 - 2016-02-01 22:42 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-02-01 22:42 - 2016-02-01 22:42 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-02-01 22:42 - 2016-02-01 22:42 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-02-01 22:42 - 2016-02-01 22:42 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-02-01 22:42 - 2016-02-01 22:42 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-02-01 22:42 - 2016-02-01 22:42 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-02-01 22:42 - 2016-02-01 22:42 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-02-01 22:42 - 2016-02-01 22:42 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2016-02-01 22:42 - 2016-02-01 22:42 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-02-01 22:42 - 2016-02-01 22:42 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-02-01 22:42 - 2016-02-01 22:42 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-02-01 22:42 - 2016-02-01 22:42 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-02-01 22:42 - 2016-02-01 22:42 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2016-02-01 22:42 - 2016-02-01 22:42 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-02-01 22:42 - 2016-02-01 22:42 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-02-01 22:42 - 2016-02-01 22:42 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-02-01 22:42 - 2016-02-01 22:42 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-02-01 22:40 - 2016-02-01 22:40 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2016-02-01 22:40 - 2016-02-01 22:40 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2016-02-01 22:40 - 2016-02-01 22:40 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2016-02-01 22:40 - 2016-02-01 22:40 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2016-02-01 22:40 - 2016-02-01 22:40 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2016-02-01 22:40 - 2016-02-01 22:40 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2016-02-01 22:40 - 2016-02-01 22:40 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2016-02-01 22:40 - 2016-02-01 22:40 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2016-02-01 22:40 - 2016-02-01 22:40 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2016-02-01 22:40 - 2016-02-01 22:40 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2016-02-01 22:40 - 2016-02-01 22:40 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2016-02-01 22:40 - 2016-02-01 22:40 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2016-02-01 22:39 - 2016-02-01 22:39 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-01 22:39 - 2016-02-01 22:39 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-01 22:39 - 2016-02-01 22:39 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-01 22:39 - 2016-02-01 22:39 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-01 22:39 - 2016-02-01 22:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-02-01 22:39 - 2016-02-01 22:39 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-01 22:39 - 2016-02-01 22:39 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-02-01 22:39 - 2016-02-01 22:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-02-01 22:39 - 2016-02-01 22:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-01 22:39 - 2016-02-01 22:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-02-01 22:39 - 2016-02-01 22:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-01 22:39 - 2016-02-01 22:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-01 22:38 - 2016-02-01 22:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-01 22:38 - 2016-02-01 22:38 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-01 22:38 - 2016-02-01 22:38 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-01 22:38 - 2016-02-01 22:38 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-01 22:38 - 2016-02-01 22:38 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-01 22:38 - 2016-02-01 22:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-01 22:38 - 2015-12-13 01:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-01 22:38 - 2015-12-13 01:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-01 22:38 - 2015-12-13 00:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-01 22:38 - 2015-12-13 00:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-02-01 22:37 - 2016-02-01 22:37 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-01 22:37 - 2016-02-01 22:37 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-01 22:37 - 2016-02-01 22:37 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-01 22:37 - 2016-02-01 22:37 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-01 22:36 - 2016-02-01 22:36 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-01 22:36 - 2016-02-01 22:36 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-02-01 22:36 - 2016-02-01 22:36 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-01 22:36 - 2016-02-01 22:36 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-01 22:36 - 2016-02-01 22:36 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-01 22:36 - 2016-02-01 22:36 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-01 22:36 - 2016-02-01 22:36 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-01 22:36 - 2016-02-01 22:36 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-01 22:36 - 2016-02-01 22:36 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-01 22:36 - 2016-02-01 22:36 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-01 22:36 - 2016-02-01 22:36 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-01 22:36 - 2016-02-01 22:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-01 22:36 - 2016-02-01 22:36 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-01 22:36 - 2016-02-01 22:36 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-01 22:36 - 2016-02-01 22:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-01 22:36 - 2016-02-01 22:36 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-01 22:36 - 2016-02-01 22:36 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-01 22:35 - 2016-02-01 22:35 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-02-01 22:35 - 2016-02-01 22:35 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2016-02-01 22:35 - 2016-02-01 22:35 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2016-02-01 22:35 - 2016-02-01 22:35 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-02-01 22:35 - 2016-02-01 22:35 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-02-01 22:35 - 2016-02-01 22:35 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-02-01 22:33 - 2016-02-01 22:33 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2016-02-01 22:33 - 2016-02-01 22:33 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-02-01 22:33 - 2016-02-01 22:33 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-02-01 22:32 - 2016-02-01 22:32 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-02-01 22:32 - 2016-02-01 22:32 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-02-01 22:32 - 2016-02-01 22:32 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-02-01 22:32 - 2016-02-01 22:32 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-02-01 22:32 - 2016-02-01 22:32 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2016-02-01 22:32 - 2016-02-01 22:32 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-02-01 22:32 - 2016-02-01 22:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-02-01 22:32 - 2016-02-01 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-02-01 22:32 - 2016-02-01 22:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-02-01 22:32 - 2016-02-01 22:32 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-02-01 22:32 - 2016-02-01 22:32 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-02-01 22:32 - 2016-02-01 22:32 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-02-01 22:29 - 2016-02-01 22:29 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-02-01 22:29 - 2016-02-01 22:29 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-02-01 22:29 - 2016-02-01 22:29 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2016-02-01 22:29 - 2016-02-01 22:29 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2016-02-01 22:29 - 2016-02-01 22:29 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2016-02-01 22:29 - 2016-02-01 22:29 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2016-02-01 22:29 - 2016-02-01 22:29 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2016-02-01 22:29 - 2016-02-01 22:29 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2016-02-01 22:29 - 2015-12-16 21:38 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2016-02-01 22:29 - 2015-12-16 21:37 - 00419928 _____ C:\Windows\system32\locale.nls
2016-02-01 22:28 - 2016-02-01 22:28 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2016-02-01 22:28 - 2016-02-01 22:28 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2016-02-01 22:26 - 2016-02-01 22:26 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-02-01 22:26 - 2016-02-01 22:26 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-02-01 22:26 - 2016-02-01 22:26 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-02-01 22:26 - 2016-02-01 22:26 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-02-01 22:26 - 2016-02-01 22:26 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-02-01 22:26 - 2016-02-01 22:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-02-01 22:26 - 2016-02-01 22:26 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-02-01 22:26 - 2016-02-01 22:26 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-02-01 22:26 - 2016-02-01 22:26 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-02-01 22:26 - 2016-02-01 22:26 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-02-01 22:25 - 2016-02-01 22:25 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2016-02-01 22:23 - 2016-02-01 22:23 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-02-01 22:23 - 2016-02-01 22:23 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-02-01 22:23 - 2016-02-01 22:23 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2016-02-01 22:23 - 2016-02-01 22:23 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2016-02-01 22:23 - 2016-02-01 22:23 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2016-02-01 22:23 - 2016-02-01 22:23 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2016-02-01 22:23 - 2016-02-01 22:23 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2016-02-01 22:23 - 2016-02-01 22:23 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2016-02-01 22:23 - 2016-02-01 22:23 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2016-02-01 22:23 - 2016-02-01 22:23 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2016-02-01 22:23 - 2016-02-01 22:23 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2016-02-01 22:22 - 2016-02-01 22:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-02-01 22:22 - 2016-02-01 22:22 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-02-01 22:22 - 2016-02-01 22:22 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-02-01 22:22 - 2016-02-01 22:22 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-02-01 22:22 - 2016-02-01 22:22 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-02-01 22:22 - 2016-02-01 22:22 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-02-01 22:22 - 2016-02-01 22:22 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-02-01 22:22 - 2016-02-01 22:22 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-02-01 22:22 - 2016-02-01 22:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-02-01 22:22 - 2016-02-01 22:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-02-01 22:12 - 2016-02-01 22:12 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-01 22:12 - 2016-02-01 22:12 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-01 22:12 - 2016-02-01 22:12 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-02-01 22:12 - 2016-02-01 22:12 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-01 22:12 - 2016-02-01 22:12 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2016-02-01 22:12 - 2016-02-01 22:12 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-01 22:12 - 2016-02-01 22:12 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-01 22:12 - 2016-02-01 22:12 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-01 22:12 - 2016-02-01 22:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-01 22:12 - 2016-02-01 22:12 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-01 22:12 - 2016-02-01 22:12 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-01 22:12 - 2016-02-01 22:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-01 22:12 - 2016-02-01 22:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-01 22:12 - 2016-02-01 22:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-01 22:12 - 2016-02-01 22:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-01 22:12 - 2016-02-01 22:12 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-01 22:12 - 2016-02-01 22:12 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-02-01 22:12 - 2016-02-01 22:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-01 22:11 - 2016-02-01 22:11 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2016-02-01 22:11 - 2016-02-01 22:11 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2016-02-01 22:11 - 2016-02-01 22:11 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2016-02-01 22:11 - 2016-02-01 22:11 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2016-02-01 22:11 - 2016-02-01 22:11 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2016-02-01 22:11 - 2016-02-01 22:11 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2016-02-01 22:11 - 2016-02-01 22:11 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2016-02-01 22:09 - 2016-02-01 22:09 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-02-01 22:09 - 2016-02-01 22:09 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-02-01 22:02 - 2016-02-01 22:02 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2016-02-01 22:02 - 2016-02-01 22:02 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2016-02-01 22:02 - 2016-02-01 22:02 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-01 22:02 - 2016-02-01 22:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2016-02-01 22:02 - 2016-02-01 22:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2016-02-01 22:02 - 2016-02-01 22:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2016-02-01 22:02 - 2016-02-01 22:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2016-02-01 22:02 - 2016-02-01 22:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2016-02-01 22:02 - 2016-02-01 22:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2016-02-01 22:02 - 2016-02-01 22:02 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2016-02-01 22:02 - 2016-02-01 22:02 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2016-02-01 22:02 - 2016-02-01 22:02 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2016-02-01 22:02 - 2016-02-01 22:02 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2016-02-01 22:01 - 2016-02-01 22:01 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2016-02-01 22:01 - 2016-02-01 22:01 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2016-02-01 22:01 - 2016-02-01 22:01 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-02-01 22:01 - 2016-02-01 22:01 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-02-01 22:01 - 2016-02-01 22:01 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-02-01 22:01 - 2016-02-01 22:01 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-02-01 22:01 - 2016-02-01 22:01 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-02-01 22:01 - 2016-02-01 22:01 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-02-01 22:01 - 2016-02-01 22:01 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-02-01 22:01 - 2016-02-01 22:01 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-02-01 22:01 - 2016-02-01 22:01 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-02-01 22:00 - 2016-02-01 22:00 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-01 22:00 - 2016-02-01 22:00 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-02-01 22:00 - 2016-02-01 22:00 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-01 22:00 - 2016-02-01 22:00 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-02-01 22:00 - 2016-02-01 22:00 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-02-01 22:00 - 2016-02-01 22:00 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-02-01 22:00 - 2016-02-01 22:00 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-02-01 22:00 - 2016-02-01 22:00 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-02-01 22:00 - 2016-02-01 22:00 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-02-01 22:00 - 2016-02-01 22:00 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-02-01 21:59 - 2016-02-01 21:59 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2016-02-01 21:59 - 2016-02-01 21:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2016-02-01 21:59 - 2016-02-01 21:59 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 01112576 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2016-02-01 21:57 - 2016-02-01 21:57 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2016-02-01 21:57 - 2016-02-01 21:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2016-02-01 21:57 - 2016-02-01 21:57 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2016-02-01 21:57 - 2016-02-01 21:57 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2016-02-01 21:57 - 2016-02-01 21:57 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2016-02-01 21:57 - 2016-02-01 21:57 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2016-02-01 21:57 - 2016-02-01 21:57 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2016-02-01 21:57 - 2016-02-01 21:57 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2016-02-01 21:57 - 2016-02-01 21:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2016-02-01 21:54 - 2016-02-01 21:54 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-02-01 21:54 - 2016-02-01 21:54 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-02-01 21:54 - 2016-02-01 21:54 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-02-01 21:54 - 2016-02-01 21:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-02-01 21:54 - 2016-02-01 21:54 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-02-01 21:54 - 2016-02-01 21:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-02-01 21:54 - 2016-02-01 21:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-02-01 21:54 - 2016-02-01 21:54 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-02-01 21:54 - 2016-02-01 21:54 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-02-01 21:54 - 2016-02-01 21:54 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-02-01 21:54 - 2016-02-01 21:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-02-01 21:54 - 2016-02-01 21:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-02-01 21:54 - 2016-02-01 21:54 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-02-01 21:54 - 2016-02-01 21:54 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-02-01 21:54 - 2016-02-01 21:54 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-02-01 21:54 - 2016-02-01 21:54 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-02-01 21:54 - 2016-02-01 21:54 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-02-01 21:54 - 2016-02-01 21:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-02-01 21:54 - 2016-02-01 21:54 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-02-01 21:54 - 2016-02-01 21:54 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-02-01 21:54 - 2016-02-01 21:54 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-02-01 21:54 - 2016-02-01 21:54 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-02-01 21:54 - 2016-02-01 21:54 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-02-01 21:54 - 2016-02-01 21:54 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-02-01 21:54 - 2016-02-01 21:54 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-02-01 21:54 - 2016-02-01 21:54 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-02-01 21:54 - 2016-02-01 21:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-02-01 21:54 - 2016-02-01 21:54 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-02-01 21:54 - 2016-02-01 21:54 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-02-01 21:54 - 2016-02-01 21:54 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-02-01 21:54 - 2016-02-01 21:54 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-02-01 21:54 - 2016-02-01 21:54 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-02-01 21:54 - 2016-02-01 21:54 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-02-01 21:54 - 2016-02-01 21:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-02-01 21:54 - 2016-02-01 21:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-02-01 21:54 - 2016-02-01 21:54 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-02-01 21:54 - 2016-02-01 21:54 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-02-01 21:54 - 2016-02-01 21:54 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-02-01 21:54 - 2016-02-01 21:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-02-01 21:54 - 2016-02-01 21:54 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-02-01 21:54 - 2016-02-01 21:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-02-01 21:54 - 2016-02-01 21:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-02-01 21:53 - 2016-02-01 21:53 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-01 21:53 - 2016-02-01 21:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-02-01 21:53 - 2016-02-01 21:53 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-02-01 21:53 - 2016-02-01 21:53 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2016-02-01 21:52 - 2016-02-01 21:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-02-01 21:52 - 2016-02-01 21:52 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-02-01 21:51 - 2016-02-01 21:51 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2016-02-01 21:51 - 2016-02-01 21:51 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-02-01 21:51 - 2016-02-01 21:51 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2016-02-01 21:51 - 2016-02-01 21:51 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-02-01 21:51 - 2016-02-01 21:51 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-02-01 21:51 - 2016-02-01 21:51 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-02-01 21:51 - 2016-02-01 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2016-02-01 21:51 - 2016-02-01 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-02-01 21:51 - 2016-02-01 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2016-02-01 21:51 - 2016-02-01 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-02-01 21:51 - 2015-02-25 10:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2016-02-01 21:45 - 2016-02-01 21:45 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-01 21:45 - 2016-02-01 21:45 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2016-02-01 21:45 - 2016-02-01 21:45 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-01 21:45 - 2016-02-01 21:45 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-01 21:45 - 2016-02-01 21:45 - 00705536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-01 21:45 - 2016-02-01 21:45 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-01 21:45 - 2016-02-01 21:45 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-02-01 21:45 - 2016-02-01 21:45 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-01 21:45 - 2016-02-01 21:45 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-01 21:45 - 2016-02-01 21:45 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-02-01 21:45 - 2016-02-01 21:45 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2016-02-01 21:45 - 2016-02-01 21:45 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-01 21:45 - 2016-02-01 21:45 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2016-02-01 21:45 - 2016-02-01 21:45 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-01 21:45 - 2016-02-01 21:45 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-02-01 21:42 - 2016-02-01 21:42 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-02-01 21:42 - 2016-02-01 21:42 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-02-01 21:41 - 2016-02-01 21:41 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2016-02-01 21:41 - 2016-02-01 21:41 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2016-02-01 21:41 - 2016-02-01 21:41 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2016-02-01 21:41 - 2016-02-01 21:41 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2016-02-01 21:40 - 2016-02-01 19:53 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-01 21:40 - 2016-02-01 19:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-01 21:38 - 2016-02-01 19:53 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2016-02-01 21:37 - 2016-02-01 21:37 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-01 21:37 - 2016-02-01 21:37 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-01 21:37 - 2016-02-01 21:37 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-02-01 21:37 - 2016-02-01 21:37 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-02-01 21:36 - 2016-02-01 21:36 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2016-02-01 21:36 - 2016-02-01 21:36 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2016-02-01 21:36 - 2016-02-01 21:36 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-02-01 21:36 - 2016-02-01 21:36 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-02-01 21:36 - 2016-02-01 21:36 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-02-01 21:36 - 2016-02-01 21:36 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-02-01 21:36 - 2016-02-01 21:36 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-02-01 21:36 - 2016-02-01 21:36 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-02-01 21:33 - 2016-02-02 07:25 - 00000000 ____D C:\ProgramData\RogueKiller
2016-02-01 21:33 - 2016-02-01 21:33 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-02-01 21:31 - 2016-02-01 21:31 - 20943432 _____ C:\Users\Supermatt\Desktop\RogueKiller.exe
2016-02-01 19:53 - 2016-02-01 19:53 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2016-02-01 19:53 - 2016-02-01 19:53 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2016-02-01 19:53 - 2016-02-01 19:53 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2016-02-01 19:53 - 2016-02-01 19:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2016-02-01 19:32 - 2016-02-01 19:32 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2016-02-01 19:32 - 2016-02-01 19:32 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-02-01 19:32 - 2016-02-01 19:32 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-02-01 19:32 - 2016-02-01 19:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-02-01 19:32 - 2016-02-01 19:32 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-02-01 19:32 - 2016-02-01 19:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-02-01 19:32 - 2016-02-01 19:32 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-02-01 19:32 - 2016-02-01 19:32 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-02-01 19:32 - 2016-02-01 19:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-02-01 19:32 - 2016-02-01 19:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-02-01 19:32 - 2016-02-01 19:32 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-02-01 19:32 - 2015-02-04 10:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2016-02-01 18:09 - 2016-02-01 18:40 - 00051210 ____N C:\Users\Supermatt\Desktop\MTB.txt
2016-02-01 16:57 - 2016-02-01 17:03 - 00000000 ____D C:\Users\Supermatt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2016-01-31 16:46 - 2016-02-02 11:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-01-31 16:46 - 2016-02-02 11:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-01-31 16:46 - 2016-02-02 11:02 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-01-31 16:45 - 2016-01-31 17:57 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-01-31 16:45 - 2016-01-31 16:45 - 01846024 ____N (Malwarebytes ) C:\Users\Supermatt\Downloads\mbae-setup-1.08.1.1045.exe
2016-01-31 16:27 - 2016-01-31 17:57 - 00000000 ____D C:\Users\Supermatt\Desktop\mbar
2016-01-31 16:14 - 2016-01-31 16:15 - 00001486 ____N C:\Users\Supermatt\Desktop\FixExec.txt
2016-01-31 15:56 - 2016-01-31 15:57 - 01609032 _____ (Malwarebytes) C:\Users\Supermatt\Desktop\JRT.exe
2016-01-31 15:36 - 2016-01-31 15:36 - 00082312 ____N C:\Users\Supermatt\Desktop\bookmarks_1_31_16.html
2016-01-31 08:37 - 2016-02-02 13:43 - 00000000 ____D C:\FRST
2016-01-31 08:37 - 2016-01-31 08:37 - 02370560 _____ (Farbar) C:\Users\Supermatt\Desktop\FRST64.exe
2016-01-31 08:31 - 2016-01-31 08:31 - 00891392 _____ (Farbar) C:\Users\Supermatt\Desktop\MiniToolBox.exe
2016-01-31 04:01 - 2016-01-31 04:01 - 00016334 _____ C:\Windows\system32\.crusader
2016-01-31 03:40 - 2016-01-31 03:40 - 00001898 ____N C:\Users\Public\Desktop\HitmanPro.lnk
2016-01-31 03:40 - 2016-01-31 03:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-01-31 03:35 - 2016-01-31 03:40 - 00000000 ____D C:\Program Files\HitmanPro
2016-01-31 03:28 - 2016-02-02 12:56 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2016-01-31 03:23 - 2016-01-31 04:22 - 00000000 ____D C:\ProgramData\HitmanPro
2016-01-31 03:20 - 2016-01-31 03:23 - 09741664 ____N (SurfRight B.V.) C:\Users\Supermatt\Downloads\HitmanPro35_x64.exe
2016-01-31 03:10 - 2016-01-31 03:10 - 00035436 ____N C:\ComboFix.txt
2016-01-30 14:29 - 2011-06-26 13:45 - 00256000 ____N C:\Windows\PEV.exe
2016-01-30 14:29 - 2010-11-08 00:20 - 00208896 ____N C:\Windows\MBR.exe
2016-01-30 14:29 - 2009-04-20 11:56 - 00060416 ____N (NirSoft) C:\Windows\NIRCMD.exe
2016-01-30 14:29 - 2000-08-31 07:00 - 00518144 ____N (SteelWerX) C:\Windows\SWREG.exe
2016-01-30 14:29 - 2000-08-31 07:00 - 00406528 ____N (SteelWerX) C:\Windows\SWSC.exe
2016-01-30 14:29 - 2000-08-31 07:00 - 00098816 ____N C:\Windows\sed.exe
2016-01-30 14:29 - 2000-08-31 07:00 - 00080412 ____N C:\Windows\grep.exe
2016-01-30 14:29 - 2000-08-31 07:00 - 00068096 ____N C:\Windows\zip.exe
2016-01-30 14:25 - 2016-01-31 03:10 - 00000000 ____D C:\Qoobox
2016-01-30 11:41 - 2016-01-30 15:04 - 00000000 ____D C:\Windows\erdnt
2016-01-30 11:37 - 2016-01-30 11:37 - 01507840 ____N C:\Users\Supermatt\Downloads\AdwCleaner.exe
2016-01-29 12:37 - 2016-01-30 15:58 - 00000000 ____D C:\AdwCleaner
2016-01-29 12:26 - 2016-01-29 12:26 - 00000000 ____D C:\Program Files (x86)\ESET
2016-01-29 12:01 - 2016-02-02 12:56 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-29 11:59 - 2016-01-31 16:28 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-29 11:59 - 2016-01-29 13:26 - 00001107 ____N C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-29 11:59 - 2016-01-29 11:59 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-29 11:59 - 2016-01-29 11:59 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-29 11:59 - 2016-01-29 11:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-29 11:59 - 2016-01-29 11:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-26 22:59 - 2016-02-02 12:58 - 00005002 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Supermatt-PC-Supermatt Supermatt-PC
2016-01-25 10:00 - 2016-01-25 10:02 - 00000000 ____D C:\Users\Supermatt\AppData\OICE_15_974FA576_32C1D314_3103
2016-01-22 09:27 - 2016-01-22 09:27 - 00118018 ____N C:\Users\Supermatt\Downloads\CC statement template konvensional_20160118_0055794802.pdf
2016-01-22 09:26 - 2016-01-22 09:26 - 00052365 ____N C:\Users\Supermatt\Downloads\eStatement_01192016 (1).pdf
2016-01-22 09:25 - 2016-01-22 09:25 - 00051794 ____N C:\Users\Supermatt\Downloads\eStatement_01192016.pdf
2016-01-22 09:09 - 2016-01-22 09:09 - 00099547 ____N C:\Users\Supermatt\Downloads\461785816034XXXX.pdf
2016-01-22 09:06 - 2016-01-22 09:06 - 00137129 ____N C:\Users\Supermatt\Downloads\20160113.pdf
2016-01-22 09:04 - 2016-01-22 09:04 - 00036234 ____N C:\Users\Supermatt\Downloads\7010296916010026635.pdf
2016-01-22 09:02 - 2016-01-22 09:02 - 00035635 ____N C:\Users\Supermatt\Downloads\3650559416010026653.pdf
2016-01-22 09:00 - 2016-01-22 09:00 - 00231295 ____N C:\Users\Supermatt\Downloads\544741804332XXXX (1).pdf
2016-01-22 08:58 - 2016-01-22 08:58 - 00231295 ____N C:\Users\Supermatt\Downloads\544741804332XXXX.pdf
2016-01-22 08:56 - 2016-01-22 08:56 - 00135964 ____N C:\Users\Supermatt\Downloads\20160105.pdf
2016-01-22 08:49 - 2016-01-22 08:49 - 00140974 ____N C:\Users\Supermatt\Downloads\20160104.pdf
2016-01-22 08:49 - 2016-01-22 08:49 - 00140974 ____N C:\Users\Supermatt\Downloads\20160104 (1).pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-02 16:29 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\tracing
2016-02-02 16:29 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-02-02 16:29 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\Dism
2016-02-02 16:29 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-02-02 16:29 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-02-02 16:28 - 2011-04-12 15:28 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-02 16:28 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\AppCompat
2016-02-02 15:53 - 2014-01-08 23:27 - 00000898 ____N C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-02 14:48 - 2014-01-08 23:27 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 14:48 - 2014-01-08 23:27 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-02 13:03 - 2014-06-18 01:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-02 13:01 - 2009-07-14 11:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-02 13:01 - 2009-07-14 11:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-02 12:56 - 2014-06-23 00:35 - 00000000 ____D C:\Program Files (x86)\SMADAV
2016-02-02 12:56 - 2014-01-08 23:27 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-02 12:56 - 2009-07-14 12:13 - 00918384 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-02 12:56 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\inf
2016-02-02 12:53 - 2015-01-03 00:36 - 00000575 _____ C:\Windows\SysWOW64\router.xml
2016-02-02 12:52 - 2014-01-12 19:27 - 00000439 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-02-02 12:51 - 2015-01-24 07:08 - 00000091 _____ C:\HaxLogs.txt
2016-02-02 12:51 - 2009-07-14 12:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-02 12:11 - 2015-04-16 00:59 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2016-02-02 11:44 - 2014-02-14 14:30 - 00000000 ____D C:\Users\Supermatt\AppData\Roaming\DMCache
2016-02-02 11:07 - 2015-02-01 11:03 - 00000000 ____D C:\Users\Supermatt\AppData\Local\EmieUserList
2016-02-02 11:07 - 2015-02-01 11:03 - 00000000 ____D C:\Users\Supermatt\AppData\Local\EmieSiteList
2016-02-02 11:07 - 2015-02-01 11:03 - 00000000 ____D C:\Users\Supermatt\AppData\Local\EmieBrowserModeList
2016-02-02 11:02 - 2015-03-01 16:25 - 00000000 ____D C:\Users\Supermatt\AppData\LocalLow\EmieUserList
2016-02-02 11:02 - 2015-03-01 16:25 - 00000000 ____D C:\Users\Supermatt\AppData\LocalLow\EmieSiteList
2016-02-02 11:02 - 2015-03-01 16:25 - 00000000 ____D C:\Users\Supermatt\AppData\LocalLow\EmieBrowserModeList
2016-02-02 09:45 - 2014-01-10 22:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-02-02 09:45 - 2014-01-10 22:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-02-02 09:45 - 2009-07-14 11:45 - 05296216 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-02 06:32 - 2015-03-02 11:03 - 00000000 ____D C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2016-02-02 01:09 - 2014-01-10 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-02-02 00:45 - 2014-01-08 21:56 - 00000000 ____D C:\Windows\system32\MRT
2016-02-02 00:36 - 2014-01-08 21:56 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-01 23:59 - 2014-01-08 22:06 - 00910998 ____N C:\Windows\SysWOW64\PerfStringBackup.INI
2016-02-01 21:54 - 2009-07-14 07:22 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-02-01 18:00 - 2015-01-02 21:07 - 00000486 ____N C:\Windows\Tasks\Connectify Update.job
2016-02-01 17:51 - 2015-09-14 16:19 - 00000000 ____D C:\Users\Supermatt\Documents\Havok
2016-02-01 17:40 - 2015-08-17 21:49 - 01487528 ____N C:\Windows\ntbtlog.txt
2016-02-01 17:20 - 2014-01-08 23:28 - 00000000 ____D C:\Program Files\Google
2016-02-01 17:20 - 2014-01-08 23:27 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-01 17:13 - 2014-08-18 22:23 - 00000000 ____D C:\Users\Supermatt\AppData\Roaming\Opera Software
2016-02-01 17:13 - 2014-08-18 22:23 - 00000000 ____D C:\Users\Supermatt\AppData\Local\Opera Software
2016-02-01 17:06 - 2014-01-08 23:27 - 00000000 ____D C:\Users\Supermatt\AppData\Local\Google
2016-02-01 17:02 - 2014-01-10 18:05 - 00000000 ____D C:\Users\Supermatt\AppData\Local\ElevatedDiagnostics
2016-02-01 16:56 - 2014-01-25 09:09 - 00000000 ____D C:\Users\Supermatt\Desktop\shortcuts
2016-02-01 16:35 - 2015-08-13 20:56 - 00002465 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2016-02-01 16:35 - 2015-08-13 20:56 - 00002453 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2016-02-01 16:35 - 2015-08-13 20:56 - 00002031 ____N C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2016-02-01 16:35 - 2014-12-04 06:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2016-01-31 17:55 - 2014-01-10 22:23 - 00000000 ____D C:\Users\Supermatt\AppData\Roaming\tixati
2016-01-31 16:36 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-31 16:03 - 2015-05-02 23:31 - 00000000 ____D C:\Users\Supermatt\AppData\Roaming\IDM
2016-01-31 15:38 - 2015-04-27 20:51 - 07367446 _____ C:\Windows\system32\Drivers\fvstore.dat
2016-01-31 12:33 - 2014-12-01 02:02 - 00000000 ____D C:\Program Files (x86)\Comodo
2016-01-31 08:32 - 2014-01-25 09:09 - 00000000 ____D C:\Program Files (x86)\e-Sword
2016-01-31 04:01 - 2015-07-15 12:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2016-01-31 04:01 - 2015-07-15 12:11 - 00000000 ____D C:\Program Files\KMSpico
2016-01-31 03:07 - 2009-07-14 09:34 - 00000215 ____N C:\Windows\system.ini
2016-01-30 16:44 - 2015-11-14 21:50 - 00000000 ____D C:\Windows\pss
2016-01-30 15:58 - 2014-11-12 17:50 - 00000000 ____D C:\Users\Supermatt\AppData\Roaming\Yahoo!
2016-01-30 15:58 - 2014-11-12 17:50 - 00000000 ____D C:\Users\Supermatt\AppData\LocalLow\Yahoo!
2016-01-30 15:39 - 2015-12-19 19:52 - 00000000 ____D C:\Program Files (x86)\iZotope
2016-01-30 14:50 - 2014-11-12 17:50 - 00000000 ____D C:\ProgramData\Yahoo!
2016-01-30 14:50 - 2014-11-12 17:46 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-01-30 11:58 - 2014-01-08 20:52 - 00000000 ____D C:\Users\Supermatt\AppData\Local\VirtualStore
2016-01-29 14:46 - 2015-12-25 15:28 - 00001882 ____N C:\Users\Public\Desktop\DFX.lnk
2016-01-29 14:46 - 2015-09-19 00:11 - 00003045 ____N C:\Users\Public\Desktop\Corel PHOTO-PAINT X7 (64-Bit).lnk
2016-01-29 14:46 - 2015-09-19 00:11 - 00003042 ____N C:\Users\Public\Desktop\Corel CAPTURE X7 (64-Bit).lnk
2016-01-29 14:46 - 2015-09-19 00:11 - 00002997 ____N C:\Users\Public\Desktop\CorelDRAW X7 (64-Bit).lnk
2016-01-29 14:46 - 2015-09-19 00:11 - 00002510 ____N C:\Users\Public\Desktop\Bitstream Font Navigator (64-Bit).lnk
2016-01-29 14:46 - 2015-09-19 00:11 - 00002330 ____N C:\Users\Public\Desktop\Corel CONNECT X7 (64-Bit).lnk
2016-01-29 14:46 - 2015-09-14 17:03 - 00001826 ____N C:\Users\Public\Desktop\Intel GPA Platform Analyzer 2013 R3.lnk
2016-01-29 14:46 - 2015-09-14 17:03 - 00001812 ____N C:\Users\Public\Desktop\Intel GPA System Analyzer 2013 R3.lnk
2016-01-29 14:46 - 2015-09-14 17:03 - 00001806 ____N C:\Users\Public\Desktop\Intel GPA Frame Analyzer 2013 R3.lnk
2016-01-29 14:46 - 2015-09-14 17:03 - 00001792 ____N C:\Users\Public\Desktop\Intel GPA Monitor 2013 R3.lnk
2016-01-29 14:46 - 2015-09-12 22:05 - 00000935 ____N C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2016-01-29 14:46 - 2015-07-20 17:01 - 00001311 ____N C:\Users\Public\Desktop\Anime Studio Pro (x86).lnk
2016-01-29 14:46 - 2015-07-20 17:01 - 00001150 ____N C:\Users\Public\Desktop\Anime Studio Pro.lnk
2016-01-29 14:46 - 2015-07-20 15:17 - 00002230 ____N C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
2016-01-29 14:46 - 2015-07-20 15:17 - 00002204 ____N C:\Users\Public\Desktop\AVG PC TuneUp 2015.lnk
2016-01-29 14:46 - 2015-04-16 00:59 - 00001963 ____N C:\Users\Public\Desktop\COMODO Internet Security.lnk
2016-01-29 14:46 - 2015-03-16 19:56 - 00001950 ____N C:\Users\Public\Desktop\e-Sword.lnk
2016-01-29 14:46 - 2015-01-25 17:21 - 00001170 ____N C:\Users\Public\Desktop\MAGIX Music Maker 2014 Premium.lnk
2016-01-29 14:46 - 2015-01-23 21:55 - 00001151 ____N C:\Users\Public\Desktop\FL Studio 10.lnk
2016-01-29 14:45 - 2015-10-14 20:53 - 00001516 ____N C:\Users\Supermatt\Desktop\UninstallTool_x64.exe - Shortcut.lnk
2016-01-29 14:45 - 2015-07-22 16:33 - 00001007 ____N C:\Users\Supermatt\Desktop\Telegram.lnk
2016-01-29 14:45 - 2015-05-09 11:55 - 00001363 ____N C:\Users\Supermatt\Desktop\Hippo Animator 3.lnk
2016-01-29 14:45 - 2015-05-02 23:31 - 00001014 ____N C:\Users\Supermatt\Desktop\Internet Download Manager.lnk
2016-01-29 14:45 - 2014-01-20 07:27 - 00001180 ____N C:\Users\Supermatt\Desktop\Roaming - Shortcut.lnk
2016-01-29 14:44 - 2015-08-13 23:40 - 00000994 ____N C:\Users\Supermatt\Desktop\AppData - Shortcut.lnk
2016-01-29 14:44 - 2015-01-30 23:21 - 00000663 ____N C:\Users\Supermatt\Desktop\downloads - Shortcut.lnk
2016-01-29 14:44 - 2014-01-14 17:01 - 00013340 ____N C:\Users\Supermatt\Desktop\cmd - Shortcut.lnk
2016-01-29 14:42 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\PLA
2016-01-29 13:26 - 2015-11-26 19:30 - 00000974 ____N C:\Users\Public\Desktop\Sibelius 7.lnk
2016-01-29 13:26 - 2015-07-23 12:30 - 00002183 ____N C:\Users\Public\Desktop\Xilisoft Video Converter Ultimate.lnk
2016-01-29 13:26 - 2015-03-25 19:27 - 00002741 ____N C:\Users\Public\Desktop\Vocabulary Worksheet Factory 5.lnk
2016-01-29 13:23 - 2014-09-13 22:48 - 00000000 ____D C:\Program Files\Autodesk
2016-01-29 12:26 - 2009-07-14 12:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-01-27 23:42 - 2015-05-05 23:41 - 00000000 ____D C:\Users\Supermatt\AppData\Roaming\vlc
2016-01-24 15:06 - 2014-04-24 19:49 - 00000000 ____D C:\Program Files (x86)\Neuratron AudioScore Ultimate Demo
2016-01-24 13:40 - 2014-01-08 20:52 - 00000000 ____D C:\Users\Supermatt
2016-01-19 22:32 - 2014-05-31 11:33 - 00000000 ____D C:\Users\Supermatt\Documents\Calibre Library
2016-01-18 06:10 - 2015-01-10 21:32 - 00000000 ____D C:\Windows\AutoKMS
2016-01-06 11:26 - 2009-07-14 12:08 - 00032638 ____N C:\Windows\Tasks\SCHEDLGU.TXT
==================== Files in the root of some directories =======
2014-04-30 09:03 - 2014-04-30 09:03 - 2174976 ____N (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2014-01-19 01:20 - 2014-06-18 00:57 - 4216840 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\vcredist.exe
2014-01-12 14:54 - 2015-12-03 09:53 - 0002115 _____ () C:\Users\Supermatt\AppData\Roaming\SAS7_000.DAT
2015-05-02 23:29 - 2015-05-02 23:31 - 0047104 _____ () C:\Users\Supermatt\AppData\Roaming\Thumbs.db
2015-08-17 23:37 - 2015-08-17 23:37 - 0000036 _____ () C:\Users\Supermatt\AppData\Local\housecall.guid.cache
2015-02-18 16:01 - 2015-07-31 10:02 - 0007603 _____ () C:\Users\Supermatt\AppData\Local\Resmon.ResmonCfg
2015-08-18 01:08 - 2015-08-18 01:08 - 0000010 _____ () C:\Users\Supermatt\AppData\Local\sponge.last.runtime.cache
2015-05-11 21:44 - 2015-05-11 21:46 - 0000000 _____ () C:\Users\Supermatt\AppData\Local\TaskMan.cmd.done
2014-07-16 20:27 - 2014-07-16 20:27 - 0000000 _____ () C:\Users\Supermatt\AppData\Local\{B6A17797-1312-4D71-B698-87AF7CAD21F9}
2015-02-01 16:07 - 2015-08-01 16:07 - 0000211 _____ () C:\ProgramData\acer.zip
2015-01-03 00:20 - 2015-01-03 00:20 - 5404888 _____ (COMODO) C:\ProgramData\cis28B.exe
2015-01-17 09:14 - 2015-01-17 09:14 - 0010466 _____ () C:\ProgramData\regid.2002-03.com.schoolhousetech_25E9AB98-8909-46D8-8DB6-EDCF1F32EB56.swidtag
2014-11-17 06:29 - 2014-11-17 06:29 - 0010494 _____ () C:\ProgramData\regid.2002-03.com.schoolhousetech_91210511-7AF9-4433-BFA0-27835E6A620E.swidtag
2013-04-20 08:11 - 2013-04-20 08:11 - 0010313 _____ () C:\ProgramData\regid.2002-03.com.schoolhousetech_D0224F9C-EA21-4DFC-BF88-2799ED2826DB.swidtag
Files to move or delete:
====================
C:\ProgramData\cis28B.exe
Some files in TEMP:
====================
C:\Users\Supermatt\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Supermatt\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-01-29 00:38
==================== End of FRST.txt ============================
dditional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Supermatt (2016-02-02 13:44:52)
Running from C:\Users\Supermatt\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-01-08 13:51:07)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3797239318-1157007529-570800937-500 - Administrator - Disabled)
Guest (S-1-5-21-3797239318-1157007529-570800937-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3797239318-1157007529-570800937-1002 - Limited - Enabled)
Supermatt (S-1-5-21-3797239318-1157007529-570800937-1000 - Administrator - Enabled) => C:\Users\Supermatt
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: COMODO Antivirus (Disabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.207 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Playpanel (HKLM-x32\...\{69967F97-E880-44B9-8383-5278BBC8809B}) (Version: 1.3.0.33 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Alive Video Converter (version 3.1.8.6) (HKLM-x32\...\Alive Video Converter_is1) (Version: - AliveMedia, Inc.)
American English Super Minds Student's Book 5 (HKLM-x32\...\American English Super Minds Student's Book 5) (Version: 1.0.0.0 - Cambridge University Press)
American English Super Minds Student's Book 6 (HKLM-x32\...\American English Super Minds Student's Book 6) (Version: 1.0.0.0 - Cambridge University Press)
American Super Minds Students Book Level 1 (HKLM-x32\...\American Super Minds Students Book Level 1) (Version: 1.0.0.0 - Cambridge University Press)
American Super Minds Students Book Level 2 (HKLM-x32\...\American Super Minds Students Book Level 2) (Version: 1.0.0.0 - Cambridge University Press)
American Super Minds Students Book Level 3 (HKLM-x32\...\American Super Minds Students Book Level 3) (Version: 1.0.0.0 - Cambridge University Press)
American Super Minds Students Book Level 4 (HKLM-x32\...\American Super Minds Students Book Level 4) (Version: 1.0.0.0 - Cambridge University Press)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Anime Studio Pro 10.1.1 (HKLM\...\ASP1011_is1) (Version: 10.1.1 - Smith Micro Software, Inc.)
Anime Studio Pro 11.0 (HKLM\...\ASP1100_is1) (Version: 11.0 - Smith Micro Software, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 3.0.159.0 - Autodesk)
Autodesk Maya LT 2015 (HKLM\...\Autodesk Maya LT 2015) (Version: 15.10.373.0 - Autodesk)
Autodesk Maya LT 2015 (Version: 15.10.373.0 - Autodesk) Hidden
AVG PC TuneUp 2015 (en-US) (x32 Version: 15.0.1001.604 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.604 - AVG Technologies)
AVG PC TuneUp 2015 (x32 Version: 15.0.1001.604 - AVG Technologies) Hidden
Avid License Control (HKLM-x32\...\{89A9B9EE-839E-4820-9450-2912C82F46AF}) (Version: 6.0.0 - Avid Technology, Inc.)
Bing Bar (HKLM-x32\...\{49977584-B20E-46AB-818F-845815378904}) (Version: 7.3.117.0 - Microsoft Corporation)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{DF011CCA-4998-4A71-B593-4283924F99A0}) (Version: 1.25.0 - Kovid Goyal)
calibre 64bit (HKLM\...\{7159D1E5-62F5-42C9-825E-BE613B5DFB0F}) (Version: 2.38.0 - Kovid Goyal)
CGS17_Setup_x64 (Version: 17.0 - Corel Corporation) Hidden
Chromodo (HKLM-x32\...\Chromodo) (Version: 45.8.12.391 - Comodo)
Classware (HKLM-x32\...\Classware.D18242EEED0228FFB0408CDB0EFA905F46FFD844.1) (Version: v1.2.3.7574 - Cambridge University Press Holdings Limited)
Classware (x32 Version: 1.2.3 - Cambridge University Press Holdings Limited) Hidden
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
COMODO Internet Security Premium (HKLM\...\{73830292-868E-4C82-9AF5-CCFE2047B6A3}) (Version: 8.2.0.4508 - COMODO Security Solutions Inc.)
Corel Graphics - Windows Shell Extension (HKLM\...\_{4AB916EE-ABA8-4079-9889-745798B6D809}) (Version: 17.0.0.491 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 17.0.491 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.0.491 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.0.0.491 - Corel Corporation)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1905.56 - CyberLink Corp.)
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
DFX (HKLM-x32\...\DFX) (Version: 12.014.0.0 - Power Technology)
Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON TX121 Series Printer Uninstall (HKLM\...\EPSON TX121 Series) (Version: - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
e-Sword (HKLM-x32\...\{463178C4-E707-41EE-BE8A-080C62BF526D}) (Version: 10.04.0000 - Rick Meyers)
e-Sword Macros for Word 2013 (HKLM-x32\...\{B9FDCE73-DC39-4671-8F2E-2CA5ACB924B0}) (Version: 10.02.0000 - Rick Meyers)
EverQuest (HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\DG0-EverQuest) (Version: - Sony Online Entertainment)
EverQuest (HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\soe-EverQuest) (Version: 1.0.3.183 - Sony Online Entertainment)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version: - Image-Line)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Hippo Animator 3.8 (HKLM\...\Hippo Animator 3) (Version: 3.8.5316.24610 - Hippo Studios)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.12.253 - SurfRight B.V.)
IL Autogun (HKLM-x32\...\IL Autogun) (Version: - Image-Line)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version: - Image-Line)
Intel Android Device USB driver (HKLM\...\Intel Android Device USB driver) (Version: 1.1.5 - Intel)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Intel® Graphics Performance Analyzers 2013 R3 (HKLM\...\{B48DBBEE-2CCB-492E-2571-78ECE93329CB}) (Version: 13.3.0.207307 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.9.5 - PACE Anti-Piracy, Inc.)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Java SE Development Kit 7 Update 75 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170750}) (Version: 1.7.0.750 - Oracle)
KMSpico v9.3.1 (HKLM\...\KMSpico_is1) (Version: 9.3.1 - )
LenovoTool 1.2.2_os (HKLM-x32\...\LenovoTool) (Version: 1.2.2_os - Lenovo)
LenovoUsbDriver 1.0.12 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.0.12 - Lenovo)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version: - Line 6)
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Independence Libraries Common Files (HKLM-x32\...\MAGIX_{2014CA36-C62B-4E1D-9816-1EDE4845E0F0}) (Version: 3.1.0.0 - MAGIX AG)
MAGIX Independence Libraries Common Files (Version: 3.1.0.0 - MAGIX AG) Hidden
MAGIX Independence Pro 3.1 VST-Plugins (HKLM-x32\...\MAGIX_{74CC038C-E942-42A7-A54A-4CB686050428}) (Version: 3.1.0.0 - MAGIX AG)
MAGIX Independence Pro 3.1 VST-Plugins (Version: 3.1.0.0 - MAGIX AG) Hidden
MAGIX Independence Pro Software Suite 3.1 (HKLM-x32\...\MAGIX_{12FBE83D-482B-4D82-BAC7-665B7DD79DB2}) (Version: 3.1.1.11 - MAGIX AG)
MAGIX Independence Pro Software Suite 3.1 (Version: 3.1.1.11 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium (HKLM-x32\...\MX.{088A4B09-8FB2-48D0-932A-7F90BE050543}) (Version: 20.0.2.35 - MAGIX AG)
MAGIX Music Maker 2014 Premium (Introductory videos) (HKLM-x32\...\MX.{4BA5297E-60A6-4F18-9AAC-25A878C4E38C}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Music Maker 2014 Premium (Introductory videos) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium (Synthesizer and effects) (HKLM-x32\...\MX.{773A4DDC-3B52-42C7-8B7A-52369B9A390B}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Music Maker 2014 Premium (Synthesizer and effects) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium (Version: 20.0.2.35 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium (Visuals) (HKLM-x32\...\MX.{A6A5590A-0FF9-4FD9-AD8D-17B5BCBE06F5}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Music Maker 2014 Premium (Visuals) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{5C375A31-ED71-4CA0-91E0-8FA47E72D56D}) (Version: 7.0.1.27 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.1.27 - MAGIX AG) Hidden
Malwarebytes Anti-Exploit version 1.8.1.1189 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1189 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Manga Studio (HKLM-x32\...\{CFA66508-B19D-4032-AB0A-EBBA2BDF1368}) (Version: 5.0.5 - Smith Micro)
Math Resource Studio 5 (HKLM-x32\...\{946E9741-5FAE-4011-9019-BC1FAF3FE99D}) (Version: 5.0.14.1 - Schoolhouse Technologies)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Indonesia (HKLM\...\{90150000-001F-0421-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Toolkit 2.4.0.0 (HKLM-x32\...\Microsoft Toolkit 2.4.0.0) (Version: 2.4.0.0 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
MiniTool Partition Wizard Professional Edition 8.1.1 (HKLM-x32\...\{2991A446-D356-44EC-930A-42E8B02A67C0}_is1) (Version: - MiniTool Solution Ltd.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 2014 (HKLM-x32\...\{0128492C-AB60-43BE-9D9A-8CA622CAF06E}) (Version: 15.0.07700 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)
Neuratron AudioScore Ultimate Demo (HKLM-x32\...\Neuratron AudioScore Ultimate Demo) (Version: 7.0.1 - Neuratron Ltd)
Nitro Pro 9 (HKLM\...\{BC8E7DF0-4434-4688-B615-0A3E5FACFC26}) (Version: 9.0.4.5 - Nitro)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.6 - Notepad++ Team)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Oracle VM VirtualBox 4.3.26 (HKLM\...\{5771F59A-BFC9-4FAF-A883-7642EF4BA3C3}) (Version: 4.3.26 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.6 - Power Software Ltd)
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
RealDownloader (x32 Version: 18.0.1.10 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 18.0.1.9 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)
RealTimes (RealPlayer) (HKLM-x32\...\RealPlayer 18.0) (Version: 18.0.1 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Schoolhouse Test 4 (HKLM-x32\...\{F5C9D54B-C338-4EF1-89D4-94F369CFC061}) (Version: 4.0.3.3 - Schoolhouse Technologies)
Sibelius 7 OpenType Fonts (HKLM-x32\...\{7325A8DF-C8C3-4425-B0CA-8CAEE5E6464B}) (Version: 7.0.1 - Avid)
Sibelius 7.1.0.54 (HKLM\...\Sibelius 7.0.0.23_is1) (Version: 7.1.0.54 - Avid)
Singing Coach 5 Pro (HKLM-x32\...\Singing Coach 5 Pro) (Version: 5.0.5.0 - Electronic Learning Products, Inc. )
SMADAV version 10.1.1 (HKLM-x32\...\{8B9FA5FF-3E61-4658-B0DA-E6DDB46D6BAD}_is1) (Version: 10.1.1 - SmadSoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.14.0 - Synaptics Incorporated)
Telegram Desktop version 0.9.2 (HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.9.2 - Telegram Messenger LLP)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Tixati (HKLM-x32\...\tixati) (Version: - )
TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden
Uninstall Tool (HKLM\...\Uninstall Tool_is1) (Version: 3.4.3 - CrystalIDEA Software, Inc.)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
Vita 2 (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita 2 add-on content (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Drum Engine (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Electric Piano (Version: 1.0.2.0 - MAGIX AG) Hidden
Vita Jazz Drums (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Pop Brass (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Power Guitar (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Vintage Organ (Version: 1.0.1.0 - MAGIX AG) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vocabulary Worksheet Factory 5 (HKLM-x32\...\{DCC3A680-485D-4C55-AEDE-A87483B99E54}) (Version: 5.0.20.4 - Schoolhouse Technologies)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6000 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth (05/30/2009 6.2.0.9001) (HKLM\...\A23C8E6131018F6C031746C2E823E8A8809DD96C) (Version: 05/30/2009 6.2.0.9001 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WordWeb Pro (HKLM-x32\...\WordWeb) (Version: 7 - WordWeb Software)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.8.8.20150402 - Xilisoft)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01974FF4-C928-4060-8645-3746195A648B} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-07] (COMODO)
Task: {02170602-07F0-446E-8EF6-4FCF2D7FCE4E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {0FE1F78F-1F58-4105-9BDE-B3C6ED7DD4B2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {1BE082D2-A046-4CC3-A3F0-3FDC5AC850A1} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-07] (COMODO)
Task: {1F3CDABB-8232-4CB1-A34D-F033ADF625D3} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-07] (COMODO)
Task: {2C06514F-EDDA-4EE6-B2EA-C32AC97CBA99} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe
Task: {2D159C88-B96E-48E4-87F6-84431EADC166} - System32\Tasks\{FDB7A662-A7D5-4A80-88F5-8A1C522277DD} => pcalua.exe -a C:\Users\SUPERM~1\AppData\Local\Temp\jre-8u65-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1
Task: {31FC16E8-C5B4-4C9C-872E-03D2AD400BA7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2016-02-01] (Microsoft Corporation)
Task: {35541BD8-08B8-456E-977E-5ABF73EA6E11} - System32\Tasks\Intel® GPA Monitor 13.3 => C:\Program Files\Intel\GPA\2013 R3\gpamonitor.exe [2015-09-14] (Intel Corporation)
Task: {36BB3399-DBF8-4C02-85E0-007CB985B1A1} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3797239318-1157007529-570800937-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-07-02] (RealNetworks, Inc.)
Task: {3AE3FB84-1465-4EBA-B033-D42FECA4FA61} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {3B80579E-36F7-4660-8B69-82A52D1CBF8F} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3797239318-1157007529-570800937-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-07-02] (RealNetworks, Inc.)
Task: {3BD3C4D8-5152-4ABB-ACB9-F60AE7A8216E} - System32\Tasks\{C173130E-3670-44A5-A0A3-8FFD0695BA69} => C:\Program Files (x86)\Smartfren Connex CE81B UI\WirelessModem.exe
Task: {3D745856-9288-4A66-9231-121B6FC8280B} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-07] (COMODO)
Task: {3FD27E52-528D-4170-A038-F80459832E79} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Supermatt-PC-Supermatt Supermatt-PC => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2013-11-08] (Microsoft Corporation)
Task: {51043A39-9DA2-438D-BE0F-C00F94A17743} - System32\Tasks\Connectify Update => Wscript.exe //nologo //B //E:jscript "C:\Users\Supermatt\AppData\Roaming\Connectify\settings.ini" <==== ATTENTION
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {5C1D53F2-A431-4D09-9788-5288219B42B0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {5E2394D8-03CD-4742-B047-A59AA864A664} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {65C384BF-A758-4B28-BA68-B6223C2D816C} - System32\Tasks\{84730051-CB16-4170-B638-3CBC48C9AAFA} => C:\Users\Supermatt\Downloads\S22_T12_T22_N11_T13_T22E_SX125_TX120_NX120_TX121_x86_673HomeExport_s.exe
Task: {8921B5F4-E922-4A38-AEDE-244681FF81D7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3797239318-1157007529-570800937-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2015-07-02] (RealNetworks, Inc.)
Task: {8F4CF6A0-B45B-4E52-9009-C505F9D7A091} - System32\Tasks\COMODO CertSentry Updater => C:\Windows\system32\certsentry.exe [2015-04-17] (COMODO CA Limited)
Task: {9EA43A95-A8CD-4975-B11A-748D6AC8948D} - System32\Tasks\Real Player online update program => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2015-07-02] (RealNetworks, Inc.)
Task: {A9EE4656-CBCB-40A3-AD82-BD7D16B21D4D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {AB380AC4-2E4B-4213-92C5-7351EA39E935} - System32\Tasks\smadav => C:\Program Files (x86)\Smadav\SMΔRTP.exe [2015-12-19] (Smadsoft)
Task: {ACD4A17B-80F7-4D52-94A1-822A28E2999E} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-01-16] ()
Task: {AFDA95AA-E786-438B-994E-9AF9C9915827} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B3C9C83D-A474-426B-A047-88AD74EAC1B8} - System32\Tasks\Trend Micro Inspect of Platinum => C:\Program Files\Trend Micro\Titanium\plugin\Pt\win32\Inspect\Inspect.exe
Task: {BD713D72-173C-48F6-8A8A-B670C44C6374} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3797239318-1157007529-570800937-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2015-07-02] (RealNetworks, Inc.)
Task: {C27A02A9-9CB0-4887-9A55-4F229FDC3BF5} - System32\Tasks\RunUninstallTool_SkipUac => C:\Program Files\Uninstall Tool\UninstallTool.exe
Task: {C9C4CB60-7785-4BFB-8AB1-7CEE5D431073} - System32\Tasks\{983DFDD9-AB89-45AD-8EFD-BAFE6774E08C} => pcalua.exe -a "C:\Program Files (x86)\Security Task Manager\Setup.exe" -d "C:\Program Files (x86)\Security Task Manager"
Task: {CA76A492-FF21-406B-97B6-DE1E43EDE81D} - \AutoPico Daily Restart -> No File <==== ATTENTION
Task: {DB3CB2A9-E47B-4C14-BD98-5EAB4826DC3B} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-07] (COMODO)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E00DAAA3-C20A-4AAA-B36F-38F78DE05BA1} - System32\Tasks\{8902A5A3-54A0-4BBF-892E-12ED7A2F33E5} => pcalua.exe -a C:\Users\SUPERM~1\AppData\Local\Temp\jre-8u45-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1
Task: {E20FE766-DA34-4D12-92B8-EAA36B178DE7} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2015-07-02] ()
Task: {E620F070-9DCA-4003-9542-72629F7DB336} - System32\Tasks\{6C4FAF2A-FE02-4337-A7DF-AE99D7B71E73} => C:\Program Files (x86)\Smartfren Connex CE81B UI\WirelessModem.exe
Task: {E8981B98-E013-4FB6-AC03-CA4DB9303CF9} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2016-02-01] (Microsoft Corporation)
Task: {EB90A0FE-796F-4ABB-B8D3-3D5B37D0D31E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-14] (Adobe Systems Incorporated)
Task: {F253961A-27C4-473E-BCE3-AC65C4E55B84} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2015-01-29] (Acer Incorporated)
Task: {F84D1971-B13E-4E04-8FA3-FCAEDB0569FA} - System32\Tasks\{908FE2A9-78B6-4106-BC22-E8ED8EF3A34B} => pcalua.exe -a "C:\Users\Supermatt\Desktop\downloads\FLSANIBP\samples and vst stuff for flstudio\samples and vst stuff for flstudio\Fruity loops retail soundpacks III.exe" -d "C:\Users\Supermatt\Desktop\downloads\FLSANIBP\samples and vst stuff for flstudio\samples and vst stuff for flstudio"
Task: {F9A4D47A-3C11-494D-9AB2-342BFBEAC2BB} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-07-15] (Oracle Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Connectify Update.job => Wscript.exe V/nologo /B /E:jscript C:\Users\Supermatt\AppData\Roaming\Connectify\settings.ini <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2009-09-21 15:04 - 2009-09-21 15:04 - 01501696 ____N () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-06-29 10:24 - 2015-06-29 10:24 - 00718136 ____N () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2013-10-17 11:23 - 2013-10-17 11:23 - 08866472 ____N () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-04-16 03:13 - 2015-04-16 03:13 - 00222720 ____N () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-01-08 23:02 - 2015-01-08 23:02 - 00067808 ____N () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2015-06-29 10:24 - 2015-06-29 10:24 - 00862008 ____N () C:\Program Files (x86)\AVG\AVG PC TuneUp\tulnga.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\autoexec.bat:$CmdTcID
AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AcpiServiceVnA64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aelupsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AERTAC64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AERTAR64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audioLibVc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BcmBtRSupport.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bdsandboxuh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bdsandboxuiskin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\btwdi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BtwRSupportService.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\capiprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\catsrvut.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cewmdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\charmap.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cngprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\COLORCNV.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comsvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CONEQMSAPOGUILibrary.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DDPA64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DDPD64A.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DDPO64A.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DDPP64A.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\devenum.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dfshim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diagtrack.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\difx64.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dimsroam.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diskperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dns-sd.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dpapiprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSBassEnhancementDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSBoostDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSGainCompensatorDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSGFXAPO64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSGFXAPONS64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSLFXAPO64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSLimiterDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSNeoPCDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSS2HeadphoneDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSS2SpeakerDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSSymmetryDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSU2PGFX64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSU2PLFX64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSU2PREC64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DTSVoiceClarityDLL64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dwmcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\els.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fixmapi.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FMAPO64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gfxSrvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\GfxUI.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hccutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hkcmd.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icardagt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icardres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ig4icd64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igd10umd64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igdumd64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxcmjit64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxcmrt64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxCoIn_v2993.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxdev.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IGFXDEVLib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxdo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxexps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxext.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxpers.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxpph.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrara.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrchs.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrcht.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrcsy.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrdan.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrdeu.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrell.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrenu.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxresn.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxress.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrfin.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrfra.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrheb.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrhrv.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrhun.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrita.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrjpn.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrkor.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrnld.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrnor.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrplk.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrptb.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrptg.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrrom.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrrus.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrsky.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrslv.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrsve.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrtha.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrtrk.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxsrvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxsrvc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxTMM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxtray.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IMJP10K.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\infocardapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IntcDAuC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iologmsg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\java.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\javaw.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\javaws.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jnwmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KAAPORT64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDAZE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDAZEL.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDBASH.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kbdgeoqw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDRU.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDRU1.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDTAT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDYAK.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ksproxy.ax:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ksuser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\logman.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mapistub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO20.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO30.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO4064.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO5064.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPOShell64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MaxxAudioEQ64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MaxxAudioRealtek264.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MaxxAudioRealtek64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MaxxAudioVnA64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MaxxAudioVnN64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MaxxSpeechAPO64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MaxxVoiceAPO2064.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MaxxVolumeSDAPO.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mcmde.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfvdsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MFWMAAEC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MISS_APO.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MP3DMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MP43DECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MP4SDECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MPG4DECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mscorier.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mscories.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msimsg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msmpeg2adec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MSMPEG2ENC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msmpeg2vdec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsRdpWebAccess.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml6r.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlsbres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\objsel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OpenAL32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\osk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\powertracker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\R4EEA64A.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\R4EED64A.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\R4EEG64A.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\R4EEL64A.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\R4EEP64A.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RCoInstII64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpcorekmts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdvidcrl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\relog.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RESAMPLEDMO.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RP3DAA64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RP3DHT64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RTCOM64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RtDataProc64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RTEED64A.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RTEEG64A.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RTEEL64A.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RTEEP64A.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RtkApi64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RtkAPO64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RtkCfg64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RtkCoLDR64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RTKSMlfx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RTKSMSettingsIPC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RtlCPAPI64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RtPgEx64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RTSnMg64.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sechost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SFAPO64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SFCOM64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SFNHK64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SFSS_APO.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shimeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sl3apo64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\slcnt64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\slprp64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sltech64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SRSHP64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SRSTSH64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SRSTSX64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SRSWOW64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SupportTool.exe.bat:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SynCOM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SynCtrl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SynGlwPadShlExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SynTPAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SynTPCo8.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tadefxapo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tadefxapo264.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tepeqapo64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tosade.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tosasfapo64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\toseaeapo64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tossaeapo64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tracerpt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsUsbGDCoInstaller.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSWorkspace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\typeperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ucrtbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VBoxNetFltNobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\VIDRESZR.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WavesGUILib64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WdfCoInstaller01007.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WdfCoInstaller01009.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wincredprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WinUSBCoInstaller2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wksprtPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMADMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMADMOE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmpmde.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMSPDMOE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMVENCOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMVSENCD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMVXENCD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wrap_oal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\bcryptprimitives.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\capiprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\catsrvut.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cewmdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\charmap.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cngprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\COLORCNV.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comsvcs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\devenum.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dfshim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dimsroam.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\diskperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dns-sd.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dpapiprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\els.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fixmapi.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerInstaller.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\icardagt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\icardres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ig4icd32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\igd10umd32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\igdumd32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\igdumdx32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\igfxcmjit32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\igfxcmrt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\igfxdv32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\igfxexps32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\IMJP10K.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\infocardapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iologmsg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDAZE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDAZEL.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDBASH.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kbdgeoqw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDRU.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDRU1.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDTAT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDYAK.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ksproxy.ax:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ksuser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\logman.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mapistub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MaxxAudioAPOShell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfvdsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Microsoft Toolkit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MP3DMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MP43DECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MP4SDECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MPG4DECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mscorier.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mscories.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2adec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MsRdpWebAccess.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlsbres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\objsel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\occache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\osk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\packager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pku2u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rastls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdvidcrl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\relog.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ReWire.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SFCOM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shimeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\subinacl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SynCOM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SynCtrl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SynTPCOM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SynTPEnhPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TSWorkspace.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TsWpfWrp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\typeperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ucrtbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\VIDRESZR.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vorbis.acm:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wincredprovider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winsta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wksprtPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmpmde.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMVDECOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMVENCOD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMVSDECD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMVSENCD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMVXENCD.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wrap_oal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshrm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WsmWmiPl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ANDROIDUSB.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\aswTap.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\bcbtums.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\btwaudio.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\btwavdt.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\btwl2cap.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\btwrchid.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\CisUtMonitor.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\cnnctfy3.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\dfx11_1x64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\dfx12x64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\Diskdump.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\drmkaud.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\iaStorA.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\iaStorF.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\igdkmd64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\IntcDAud.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\IntelHaxm.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\k57nd60a.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\kbfilter.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\msiscsi.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ndiskhaz.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rdpvideominiport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rdpwd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\RTKVHD64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\Smb_driver_Intel.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\storport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\stream.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\SynTP.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tapSF0901.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tdx.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tmactmon.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tmcomm.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\TMEBC64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tmeevw.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tmevtmgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tmnciesc.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tmusa.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\TosBtCi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tosporte.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tosrfbd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tosrfbnp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tosrfcom.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\Tosrfhid.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tosrfnds.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\TosRfSnd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tosrfusb.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tssecsrv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbFlt.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\TurboB.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\VBoxDrv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\VBoxNetAdp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\VBoxNetFlt.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\VBoxUSBMon.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\wcmvcam64.sys:$CmdTcID
AlternateDataStreams: C:\ProgramData\cis28B.exe:$CmdTcID
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
AlternateDataStreams: C:\Users\Supermatt\Desktop\adwcleaner_5.032.exe:$CmdTcID
AlternateDataStreams: C:\Users\Supermatt\Desktop\FRST64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Supermatt\Desktop\meteos-mtk6589-rom-edit-optimized_for_8gb-en.apk:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Desktop\MiniToolBox.exe:$CmdTcID
AlternateDataStreams: C:\Users\Supermatt\Desktop\RogueKiller.exe:$CmdTcID
AlternateDataStreams: C:\Users\Supermatt\Downloads\1-100 pic.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\1-75.png:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\20160104 (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\20160104.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\20160105.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\20160113.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\3650559416010026653.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\43_____Macmillan_English_Grammar_in_Context__gnv__..torrent:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\461785816034XXXX.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\544741804332XXXX (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\544741804332XXXX.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\6 Kung Fu Secrets for Flexibility & Higher Kicks.mp4:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\67Grammar_Games_For_Children______..torrent:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\7010296916010026635.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\8m05bb36g04.exe:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\adjectives.doc:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\AdwCleaner.exe:$CmdTcID
AlternateDataStreams: C:\Users\Supermatt\Downloads\All MTK USB Driver 2014.rar:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Analytic-Rubric-Template.docx:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\android-studio-bundle-135.1641136.exe:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\autogun_install.exe:$CmdTcID
AlternateDataStreams: C:\Users\Supermatt\Downloads\autogun_install.exe:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\A_Better_Camera_Unlocked_v3.31.TROJAN.ONHAX.apk:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Baralajbi_v2.0_TWRP_v2.8.4.0_rev2_CN.zip:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Blood Moon Rise.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Bluetooth_Broadcom_6.3.0.6000_W7x64_A.zip:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\book on a desk.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Boy and girl talking.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Boy in a musem.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Boy soldier.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\boy-girl- Hello.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\brickman.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\C._K.Chu_-_The_Book_of_Nei_Kung_1st_ed.pdf.torrent:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\calibre-64bit-2.38.0.msi:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\CAT B GR 3 - 4 - Spelling Bee Wordlist.doc:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\cat in a box.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\CC statement template konvensional_20160118_0055794802.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Cities-and-Towns-Transcript (1).doc:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Cities-and-Towns-Transcript.doc:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\cn+v5-8gb.zip:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\coherence-cohesion.ppt:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Combined-Community-Codec-Pack-2014-07-13.exe:$CmdTcID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Combined-Community-Codec-Pack-2014-07-13.exe:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Cows can't do that.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Crazy katy.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\cu31924031764594.epub:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\D467_Storytelling_handbook_FINAL_web.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\demonstrative-pronouns.docx:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\drove a car.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\EBRtweak_1.2-w-instructions.zip:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\EBRtweak_1.2.zip:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\EC FINALTEST MAY 2015.doc:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\english-pronouns.docx:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\English_Grammar_in_Use_rd_Edition_CD___Demonoid.com___..torrent:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables20093122229851430194.doc:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables2009521133639530074079.doc:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables20096719959341029384.doc:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables201021914855766628530.doc:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables201022401613547116161.doc:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables201098125924964636505.doc:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables2011629165151324736806.doc:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables201421402831610.doc:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables2016122233302070.doc:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\eStatement_01192016 (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\eStatement_01192016.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\EXE.zip:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\f2v7x.W.C.I.PS.C.K.D.M.M.A.B.C.part1.rar:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\f2v7x.W.C.I.PS.C.K.D.M.M.A.B.C.part2.rar:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Family Sturcture.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\FE Advanced - the MoonX.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Fire Resque.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\FL_SM_v2.0.1[Androidiha.com].apk:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\full_17792_word_formation_from_verb_to_noun_or_adjective_1.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\full_17792_word_formation_from_verb_to_noun_or_adjective_2.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\full_18587_word_formation_from_adjective_to_noun_or_verb_1.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\full_18587_word_formation_from_adjective_to_noun_or_verb_2.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Fundamentals_of_English_Grammar-Teacher_s_Guide_0130136344.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Girl and Boy talking.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\googledrivesync.exe:$CmdTcID
AlternateDataStreams: C:\Users\Supermatt\Downloads\googledrivesync.exe:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\GR 1 - 2 wordlist (1).doc:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\GR 1 - 2 wordlist.doc:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\GR 3 - 4 - Spelling Bee Wordlist (1).doc:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\GR 3 - 4 - Spelling Bee Wordlist.doc:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\GR 5- 6 SPELLBEE 2015.doc:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\guitar-sale-poster.png:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\hard work.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\He has to go to the dentist.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\He has to take out the trash.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Hobbies.png:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Holistic-Rubric-Template.docx:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\House burn.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\IntelAndroidDrvSetup1.1.5.exe:$CmdTcID
AlternateDataStreams: C:\Users\Supermatt\Downloads\IntelAndroidDrvSetup1.1.5.exe:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Kadosh.mp3:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Kadosh_Adonai_(Hebrew)_Elisheva_Shomron_(w_lyrics).mp3:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\kernel_injector.zip:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Lazy guy.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Lenovo-P780-ReParted-0.2.2-ID-EN-Aroma.zip:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\little-girl-in-museum.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\making-words-negative-verbs.docx:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\man-falling-down-stairs1.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\manual.doc:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\mbae-setup-1.08.1.1045.exe:$CmdTcID
AlternateDataStreams: C:\Users\Supermatt\Downloads\mbae-setup-1.08.1.1045.exe:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Men can't do that.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\meteos-mtk6589-rom-edit-8gb-en.apk:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\mintywhite-1003-fonts-megapack.zip:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Mounts2SD-3.4.8-unlocked.apk:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\MT65xx-Port-Lewa.7z:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\MTK6589_Partition_4GB_8GB_16GB.rar:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\never drove a car.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\never rode a horse.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\NITRO_X_SPARK_V3.0_VISION_OFFICIAL.zip:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\numbers.doc:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Old man boarding.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\P780ROW_8Gb_ReParted_Data_no_int_sd_no_backup.zip:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\P780_S135_130917_rooted_twrp_gapps.7z:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\P780_S308_130814.rar:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Paramedic help.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Patch_V6-2015-07-01.zip:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\People can't do that.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\prepositions of movment 2.png:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\prepositions of movment.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Puppy for sale.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\puppy under a tree.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Pure_Graphic_HD_Tweak.zip:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Rode a horse.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\row+v5-8gb.zip:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\RUGOS_0.TTF:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Rules.png:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Samuel.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Santo (Kadosh) .mp3:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\scaryman.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\ScatterEditor_v1.06.7z:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Scatter_files_4GB_and_8GB.7z:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\ScoreCloud-Win-340.exe:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Seeder-2.0.0.apk:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\Supermatt\Downloads\setup.exe:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\setup1040.exe:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Sharp dressed man.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\SILVA-Sniper.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\SimonJanvier_ThorFM1stSeries.rfl:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Single-Point-Rubric-Template-1 (1).docx:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Single-Point-Rubric-Template-2.docx:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\smadav1025.exe:$CmdTcID
AlternateDataStreams: C:\Users\Supermatt\Downloads\smadav1025.exe:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\SMP - SPELLING BEE WORD LISTS (1).doc:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\SMP - SPELLING BEE WORD LISTS.doc:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\spelling bee word list.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\swimming.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Talking together.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\test3-openrecovery-TWRP-saga-2.8.1.2-unofficial.img:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\The Middle East in Jesus Day.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\tixati-2.12-1.win64-install.exe:$CmdTcID
AlternateDataStreams: C:\Users\Supermatt\Downloads\tixati-2.12-1.win64-install.exe:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\twrp-2.8.4.0rev2-p780row.zip:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\twrp-2.8.7.1rev1-p780row+.zip:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\UAPM-1.41.apk:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\unit-3.docx:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\UPDATE-SuperSU-v2.46.zip:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\well dressed girl.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\What's your name.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\WM9Codecs.exe:$CmdTcID
AlternateDataStreams: C:\Users\Supermatt\Downloads\WM9Codecs.exe:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\x-demonoidcom-x_over_70_english_grammar_and_writing_books_5100102926.torrent:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\Xilisoft Media Toolkit Deluxe 7.8.8.20150402 Final [TEAMOS-HKRG].rar:$CmdZnID
AlternateDataStreams: C:\Users\Supermatt\Downloads\[limetorrents.cc]Malwarebytes.Anti-Malware.Premium.2.1.8.1057.Multilingual...KeyGen.by.FFF.torrent:$CmdZnID
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\Software\Classes\exefile: <===== ATTENTION
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\sony.com -> sony.com
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 09:34 - 2016-01-31 12:49 - 00000161 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Supermatt\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: DragonSvc => 3
MSCONFIG\Services: FlexNet Licensing Service 64 => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: RealPlayerUpdateSvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealTimes.lnk => C:\Windows\pss\RealTimes.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: RealDownloader => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "ADSKAppManager"
HKLM\...\StartupApproved\Run32: => "PowerDVD12DMREngine"
HKLM\...\StartupApproved\Run32: => "PowerDVD12Agent"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKLM\...\StartupApproved\Run32: => "MagicPlusHelper"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "RealDownloader"
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\StartupApproved\Run: => "DAEMON Tools Pro Agent"
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\StartupApproved\Run: => "ISUSPM"
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\StartupApproved\Run: => "Messenger (Yahoo!)"
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\StartupApproved\Run: => "GoogleDriveSync"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{219A26F1-820B-49F7-B661-6C4E6944FC2E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{AAAA85EC-D718-47C9-879C-CDA8579CEFF6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{705D0812-999F-4EF8-8025-FFA528D0E6D0}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{80E07C3D-27C6-47CF-8574-218C777634AA}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9848B36B-2273-4286-BF90-C2B5466218E2}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{6F5EA031-9D3E-4CB9-8F7D-9A40E84582ED}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{87BC4FC3-2EB9-476F-9BB0-DE43EC4B3C67}] => (Allow) LPort=26675
FirewallRules: [TCP Query User{9DAF9614-B9CF-4360-BDF7-6B2C919C1F08}C:\program files (x86)\tixati\tixati.exe] => (Allow) C:\program files (x86)\tixati\tixati.exe
FirewallRules: [UDP Query User{5E34C749-0653-4A6F-A3E0-A49DEAA7974D}C:\program files (x86)\tixati\tixati.exe] => (Allow) C:\program files (x86)\tixati\tixati.exe
FirewallRules: [{3754294B-8BC5-409F-B742-3D4DB2D82D78}] => (Allow) LPort=51001
FirewallRules: [{CE38EE3F-28BE-444A-A851-C14A7EEE0DA7}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{8A0746D9-2F0D-4D23-A0EB-85FB8C59C068}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{0B2529E6-9DCF-451A-B3F5-1A29AFC0D005}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2968D884-222C-4949-BA1D-5AE2871B37FD}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{717759C5-69C3-4E26-B94C-3195D192A090}] => (Allow) LPort=51001
FirewallRules: [TCP Query User{79F7CDED-6AC6-4D56-A3FF-0993692193FC}C:\program files (x86)\tixati\tixati.exe] => (Allow) C:\program files (x86)\tixati\tixati.exe
FirewallRules: [UDP Query User{7C74F8CF-3178-4E87-8461-C3E22F58B130}C:\program files (x86)\tixati\tixati.exe] => (Allow) C:\program files (x86)\tixati\tixati.exe
FirewallRules: [{C5604AA7-992D-4CCB-8CEB-0F774590582D}] => (Block) %ProgramFiles% (x86)\Nero\Nero ControlCenter\NCC.exe
FirewallRules: [{85E81382-982E-4DC7-9488-F0B13DBE20CC}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{0022D6B1-7412-4FA2-B941-CC9CC80AF313}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{AAF0200E-A99F-484B-88DD-31680040AB7C}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{AC0B44C7-FB73-499A-A74A-537201C64AA8}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{FD1E42B2-3866-4BC7-B7CC-2E4EFA78BBAB}] => (Block) %ProgramFiles% (x86)\Nero\Nero ControlCenter\NCC.exe
FirewallRules: [{A8C5307B-204A-4D37-AB9D-B92A42C31853}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{FB183F9E-6CEC-4CBF-B482-D0647D4D7F83}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{9E6A5106-9A61-419D-8BD2-BC947901BB3D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{56C037E2-0A93-42E4-9547-FC027885C4A5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{6C1857C7-8DD9-4830-A921-AB9EFE6799DB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{F20B86A7-CAC9-4BF8-8B0C-FF956FA04AD7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [TCP Query User{48D39F1E-3499-476F-AD7E-8701F85B64AF}C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe] => (Allow) C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe
FirewallRules: [UDP Query User{F962C9EC-3864-41F3-AF41-ED16A76AF7BC}C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe] => (Allow) C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe
FirewallRules: [TCP Query User{1794799F-581F-4D42-A2EA-8107C64E181E}C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe] => (Allow) C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe
FirewallRules: [UDP Query User{1D2BD891-2C37-4825-9E90-86328CF4945E}C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe] => (Allow) C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe
FirewallRules: [{D582C995-C7C4-45BC-80B6-D9EC290B85D2}] => (Block) C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe
FirewallRules: [{5C2A35BE-D115-46D0-81DE-4FDC493A134C}] => (Block) C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe
FirewallRules: [{D3A755B2-C040-419E-BB8D-5A0E1A85A434}] => (Allow) LPort=8080
FirewallRules: [{21471C4E-BDFD-41A6-9AAC-B12AF563AC92}] => (Allow) C:\Users\Supermatt\Games\Unreal Tournament 3\Binaries\UT3.exe
FirewallRules: [{B114DA39-B232-43BD-908A-A52A6E261DAC}] => (Allow) C:\Users\Supermatt\Games\Unreal Tournament 3\Binaries\UT3.exe
FirewallRules: [{5C694B8D-9B90-4EB0-8015-09736DDD44A7}] => (Allow) C:\Users\Supermatt\Games\Unreal Tournament 3\Binaries\UT3.exe
FirewallRules: [{9209EE37-F9DD-4176-AA98-D0E395559F1A}] => (Allow) C:\Users\Supermatt\Games\Unreal Tournament 3\Binaries\UT3.exe
FirewallRules: [{39B649EC-FA52-4FA6-B5F1-E805176FE1AD}] => (Allow) C:\Users\Supermatt\Games\Unreal Tournament 3\Binaries\UnrealFrontend.exe
FirewallRules: [{251DD824-2B29-4E1F-8C2D-9682C8A1022E}] => (Allow) C:\Users\Supermatt\Games\Unreal Tournament 3\Binaries\UnrealFrontend.exe
FirewallRules: [{A4E423A9-C52B-4E4E-947C-D5FDBEFB0C24}] => (Allow) C:\Users\Supermatt\Games\Unreal Tournament 3\Binaries\UnrealFrontend.exe
FirewallRules: [{A01738B7-3DA8-4742-86B6-6D1751675F2B}] => (Allow) C:\Users\Supermatt\Games\Unreal Tournament 3\Binaries\UnrealFrontend.exe
FirewallRules: [{894AD037-A945-4F4F-AA6A-A7731BEA399F}] => (Allow) C:\Users\Supermatt\Games\Unreal Tournament 3\Binaries\UnrealConsole.exe
FirewallRules: [{AC40CCE3-FEBA-49A8-8DD5-F07208B984F5}] => (Allow) C:\Users\Supermatt\Games\Unreal Tournament 3\Binaries\UnrealConsole.exe
FirewallRules: [{6D2E980D-A88A-4A5F-A131-8BA01839F9C6}] => (Allow) C:\Users\Supermatt\Games\Unreal Tournament 3\Binaries\UnrealConsole.exe
FirewallRules: [{E809BD28-7A76-4EEB-87C1-A61BBF711566}] => (Allow) C:\Users\Supermatt\Games\Unreal Tournament 3\Binaries\UnrealConsole.exe
FirewallRules: [{02FFB931-CD4D-4B17-BDA6-D75E1BB10A7E}] => (Allow) C:\Program Files (x86)\Xilisoft\Video Converter Ultimate\vcloader.exe
FirewallRules: [{27D72650-BB1A-456A-B524-C7BEAED4FAF9}] => (Allow) C:\Program Files (x86)\Xilisoft\Video Converter Ultimate\vcloader.exe
FirewallRules: [{286DC3F0-C4B8-419E-9431-C1A34A1B4656}] => (Allow) C:\Program Files (x86)\Xilisoft\Video Converter Ultimate\vcloader.exe
FirewallRules: [{8339AEBF-2F6E-4822-A7D0-9CD7FD90361B}] => (Allow) C:\Program Files (x86)\Xilisoft\Video Converter Ultimate\vcloader.exe
FirewallRules: [{623CBD65-0365-4260-9366-5F52949C7290}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{60ED3D33-DEB2-454D-A407-605782C1E0B0}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{60BC5D15-6BDE-48CE-A1F3-220D15C2DFDD}] => (Allow) C:\Program Files (x86)\PowerISO\PowerISO.exe
FirewallRules: [{6A17B749-DC74-46E5-9372-143DA0658AF0}] => (Allow) C:\Program Files (x86)\PowerISO\PowerISO.exe
FirewallRules: [{D1255087-7376-482A-9997-246634CE9C89}] => (Allow) C:\Program Files (x86)\PowerISO\PowerISO.exe
FirewallRules: [{3288B3B5-C77A-4E44-8B9A-3380D4679FBF}] => (Allow) C:\Program Files (x86)\PowerISO\PowerISO.exe
FirewallRules: [{6E2601F2-02AB-4D75-BE72-ED4D258538E9}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{FEE5923B-4360-48B6-8921-ADF4A4D7FF64}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{22A4CDB9-0712-421B-A4F5-47328E5673E2}] => (Allow) LPort=7935
FirewallRules: [{6FDEC213-17B7-449F-A107-AA36C0B3CB02}] => (Allow) C:\Windows\SysWOW64\router.exe
FirewallRules: [TCP Query User{B0CA7870-EE47-4CD0-AE1D-840F0019323E}C:\program files\java\jdk1.7.0_75\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.7.0_75\bin\jmc.exe
FirewallRules: [UDP Query User{A35E3EB5-8AE3-4C09-A4DB-024B80BCD2A4}C:\program files\java\jdk1.7.0_75\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.7.0_75\bin\jmc.exe
FirewallRules: [TCP Query User{7294E9ED-8FF7-43D3-B62D-640521C54937}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{D1388B3A-DDC7-416E-BAB4-993690A1BF3A}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [{D8368476-864A-4ECA-B099-C05D851CB68D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2621560F-4D18-498B-87A1-57AF8CE63EA6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A8C91258-814D-4C2C-93F4-84E16EFC64ED}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4FFFDBAD-5CAD-4679-B3B0-E93DC90FC6AA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BE2522F0-A7BC-429B-A14D-6ADF52657A8E}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 10\Anime Studio Pro x64.exe
FirewallRules: [{CF44B602-D564-4384-B8C6-565D3BD0C9D6}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 10\Anime Studio Pro x64.exe
FirewallRules: [{526CADE1-5929-49F7-B6B9-80A80224A7DF}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{9FA961D7-EDAA-4A11-854A-9C210380BD74}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{855318F6-83CE-4998-8DBE-2D76F5DBF3E3}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{CC846382-CC29-4046-A8DB-D39D3375CC9D}] => (Allow) C:\Program Files (x86)\Smith Micro\Anime Studio Pro 11\Anime Studio Pro Win32.exe
FirewallRules: [{60CB4EC5-7966-44CA-999C-4E623543290A}] => (Allow) C:\Program Files (x86)\Smith Micro\Anime Studio Pro 11\Anime Studio Pro Win32.exe
FirewallRules: [{48B2E9D5-9083-4DAB-9A59-8CC242D86704}] => (Allow) C:\Program Files (x86)\Smith Micro\Anime Studio Pro 11\Anime Studio Pro Win32.exe
FirewallRules: [{5E3F9622-3508-450F-9C87-5FF416430443}] => (Allow) C:\Program Files (x86)\Smith Micro\Anime Studio Pro 11\Anime Studio Pro Win32.exe
FirewallRules: [{526BD3DF-653B-4ABD-93DA-0A65DCEBC387}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 11\Anime Studio Pro x64.exe
FirewallRules: [{11C51389-8697-4972-83E3-0DA53541B953}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 11\Anime Studio Pro x64.exe
FirewallRules: [{8C089F28-6842-444C-8022-39AC99CAE226}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 11\Anime Studio Pro x64.exe
FirewallRules: [{91A56486-9729-4326-9EFA-432BB85D8F21}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 11\Anime Studio Pro x64.exe
FirewallRules: [{0A90557A-DA7B-477D-B9A2-32ABC7026234}] => (Allow) LPort=17234
FirewallRules: [{F724E459-45E6-4AD0-98CB-50B4B5068122}] => (Allow) C:\Program Files\Intel\GPA\2013 R3\gpamonitor.exe
FirewallRules: [{0EA1ACAC-67E7-4B25-B10C-AB3D7AC8B4FB}] => (Allow) C:\Program Files\Intel\GPA\2013 R3\gpamonitor.exe
FirewallRules: [{084DC32A-B2B6-4E22-8B63-E634DFBB10FC}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
FirewallRules: [{B80DF60E-896D-4AFA-AA4F-1A8A7906CC17}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe
==================== Restore Points =========================
24-12-2015 08:12:37 Uniblue Powersuite installation
18-01-2016 20:32:25 Scheduled Checkpoint
27-01-2016 01:04:09 Scheduled Checkpoint
30-01-2016 14:29:35 ComboFix created restore point
31-01-2016 04:00:39 Checkpoint by HitmanPro
31-01-2016 04:08:18 Checkpoint by HitmanPro
31-01-2016 08:23:59 Checkpoint by HitmanPro
31-01-2016 12:38:08 Checkpoint by HitmanPro
31-01-2016 15:39:43 Checkpoint by HitmanPro
31-01-2016 15:58:59 JRT Pre-Junkware Removal
01-02-2016 16:07:04 Checkpoint by HitmanPro
01-02-2016 17:57:33 Checkpoint by HitmanPro
01-02-2016 19:54:08 Windows Update
01-02-2016 20:55:58 JRT Pre-Junkware Removal
01-02-2016 23:36:33 Windows Update
02-02-2016 06:31:27 Removed SpyHunter
02-02-2016 13:04:43 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/02/2016 12:52:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/02/2016 12:13:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/02/2016 09:50:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/02/2016 09:49:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/02/2016 07:40:40 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (02/01/2016 09:19:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/01/2016 08:24:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/01/2016 05:45:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/01/2016 05:22:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/01/2016 04:27:57 PM) (Source: ESENT) (EventID: 490) (User: )
Description: wuaueng.dll (1296) SUS20ClientDataStore: An attempt to open the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
System errors:
=============
Error: (02/02/2016 12:57:10 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
Error: (02/02/2016 12:55:32 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
Error: (02/02/2016 12:51:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WebcamMax, WDM Video Capture service failed to start due to the following error:
%%1058
Error: (02/02/2016 12:51:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Trend Micro Solution Platform service failed to start due to the following error:
%%3
Error: (02/02/2016 12:51:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The COMODO Internet Security Helper Service service failed to start due to the following error:
%%1053
Error: (02/02/2016 12:51:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the COMODO Internet Security Helper Service service to connect.
Error: (02/02/2016 12:50:14 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\bcmihvsrv64.dll
Error: (02/02/2016 12:50:14 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\bcmihvsrv64.dll
Error: (02/02/2016 12:50:06 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\bcmihvsrv64.dll
Error: (02/02/2016 12:49:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BBUpdate service terminated unexpectedly. It has done this 1 time(s).
CodeIntegrity:
===================================
Date: 2016-01-30 14:52:52.457
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-01-30 14:52:52.398
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-01-18 07:50:22.926
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-01-18 07:50:22.760
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-01-18 07:50:22.621
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-01-18 07:50:22.369
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-01-18 07:50:22.230
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-01-18 07:50:22.088
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.
Date: 2015-10-26 20:28:28.013
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\netfilter2.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-10-26 20:28:27.959
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\netfilter2.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel® Core i5 CPU M 450 @ 2.40GHz
Percentage of memory in use: 40%
Total physical RAM: 5812.5 MB
Available physical RAM: 3435.76 MB
Total Virtual: 11952.71 MB
Available Virtual: 9215.65 MB
==================== Drives ================================
Drive c: (Disk4) (Fixed) (Total:403.27 GB) (Free:84.52 GB) NTFS
Drive f: (Disk2) (Fixed) (Total:244.14 GB) (Free:69.77 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:232.88 GB) (Free:99.39 GB) NTFS
Drive k: (New Volume) (Fixed) (Total:232.88 GB) (Free:101.8 GB) NTFS
Drive m: (Seagate Expansion Drive) (Fixed) (Total:931.51 GB) (Free:574.65 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 01C54DC0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=258.3 GB) - (Type=83)
Partition 3: (Not Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=429 GB) - (Type=OF Extended)
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 3E19BF21)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C03BCFB4)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Edited by Supermatt01, 02 February 2016 - 08:50 AM.